AccessToken: IAccessToken;
The AccessToken property returns parameters of mandatory access control for the element.
To change mandatory access control parameters for element, use the IAccessElement.ApplyAccessToken method.
Executing the example requires that the repository contains an MDM dictionary with RDS_DICT identifier. The "Changing Security Label and Access Control List of Any Object" privilege should be given to the user who executes the example. In the security manager one or more privacy categories with multiple security levels must be specified.
Add links to the Metabase, Rds system assemblies.
Sub MandatoryAccess;
Var
MB: IMetabase;
Object: IMetabaseObjectDescriptor;
RdsDict: IRdsDictionary;
AOS: IAccessObjectSecurity;
Iterator: IAccessElementsIterator;
Level: integer;
Element: IAccessElement;
Token: IAccessToken;
SecCat: ISecurityCategory;
SecLevel: ISecurityLevel;
Begin
MB := MetabaseClass.Active;
// Get MDM dictionary
Object := MB.ItemById("RDS_DICT");
RdsDict := Object.Bind As IRdsDictionary;
// Check if mandatory access control is used
If RdsDict.HasMandatoryAccess Then
//Display name of the attribute used for mandatory access control
Debug.WriteLine(RdsDict.Attributes.MandatoryAccess.Id);
// Change access permissions for the first element of the dictionary
AOS := Object.GetSecurity;
Iterator := AOS.GetElements;
Level := Iterator.Next;
Element := Iterator.Current;
Element := Element.Edit;
Token := Element.AccessToken;
SecCat := MB.Security.Policy.MandatoryAccess.Category(0);
SecLevel := SecCat.Level(0);
Token.ClassificationLabel(SecCat) := SecLevel;
Element.ApplyAccessToken(AccessElementApplyOptions.None);
End If;
End Sub MandatoryAccess;
Example execution result: if mandatory access control is used for MDM dictionary elements, the first security level in the first privacy category is set for the first element of the dictionary.
See also: